Apache - Prevent Clickjacking

by Vince
in Blog

You've run a tool such as ZAP against your web site in an attempt to harden it, and you discover that the site is prone to 'clickjacking'.

A quick search reveals:

Clickjacking

The malicious practice of manipulating a website user's activity by concealing hyperlinks beneath legitimate clickable content, thereby causing the user to perform actions of which they are unaware.

Upon further investigation, you discover you can add a line to your Apache configuration file which will prevent clickjacking by telling browsers not to render your pages inside a frame served from another origin:

Header always append X-Frame-Options SAMEORIGIN

Seems simple enough, but when you restart Apache you get the following error:

Invalid command 'Header', perhaps misspelled or defined by a module not included in the server configuration

The problem is that the Apache headers module (mod_headers), which provides the Header directive, is not enabled; you need to enable it first:

a2enmod headers

Or if you need to use sudo:

sudo a2enmod headers

Assuming you left the Header line in your Apache configuration file, you can restart Apache once more:

service apache2 restart

Now when viewing the headers, you'll see the following:

X-Frame-Options: SAMEORIGIN
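That final check of the response headers can be scripted so it runs after every deployment. The shell function below is an added example, not code from the original post: it takes the raw header block as printed by curl -sI and reports whether X-Frame-Options is present with a value browsers honour. The sample header blocks are constructed, and the hostname in the usage comment is a placeholder.

```shell
#!/bin/sh
# Added example, not code from the original post: check whether a block of
# HTTP response headers (as printed by "curl -sI") carries a usable
# X-Frame-Options header. The hostname in the usage comment is a placeholder.

# Constructed sample responses (not captured from any real server).
SAMPLE_OK='HTTP/1.1 200 OK
Date: Mon, 01 Jan 2024 00:00:00 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Content-Type: text/html'

SAMPLE_MISSING='HTTP/1.1 200 OK
Server: Apache
Content-Type: text/html'

# What "Header append" yields when the header was already set elsewhere.
SAMPLE_DUP='HTTP/1.1 200 OK
X-Frame-Options: SAMEORIGIN, SAMEORIGIN
Content-Type: text/html'

# Header present but carrying a value current browsers do not honour.
SAMPLE_BAD='HTTP/1.1 200 OK
x-frame-options: ALLOW-FROM https://example.com
Content-Type: text/html'

# check_xfo HEADERS
# Prints one verdict for the header block given as $1:
#   ok        - exactly one X-Frame-Options header, value DENY or SAMEORIGIN
#   missing   - no X-Frame-Options header at all
#   duplicate - header repeated or comma-joined; browsers may ignore it
#   invalid   - present but not DENY/SAMEORIGIN
check_xfo() {
    # Header names are case-insensitive; curl output carries CRLF line ends.
    values=$(printf '%s\n' "$1" | tr -d '\r' \
        | grep -i '^x-frame-options:' \
        | sed 's/^[^:]*:[[:space:]]*//; s/[[:space:]]*$//')
    if [ -z "$values" ]; then
        echo missing
        return
    fi
    # A comma-joined value is two headers merged into one line.
    case "$values" in
        *,*) echo duplicate; return ;;
    esac
    count=$(printf '%s\n' "$values" | wc -l | tr -d ' ')
    if [ "$count" -ne 1 ]; then
        echo duplicate
        return
    fi
    case "$(printf '%s' "$values" | tr 'a-z' 'A-Z')" in
        DENY|SAMEORIGIN) echo ok ;;
        *) echo invalid ;;
    esac
}

# Live check (placeholder hostname):
#   check_xfo "$(curl -sI https://www.example.com/)"
for name in SAMPLE_OK SAMPLE_MISSING SAMPLE_DUP SAMPLE_BAD; do
    eval "hdrs=\$$name"
    printf '%-15s %s\n' "$name" "$(check_xfo "$hdrs")"
done
```

The duplicate verdict is the one worth watching for after following the steps above: "Header append" adds a second value when another part of the configuration, or a proxy in front of Apache, already sets X-Frame-Options, and a comma-joined value is not one browsers honour. "Header always set X-Frame-Options SAMEORIGIN" replaces instead of appending. Wrapping the directive in an IfModule mod_headers.c block keeps Apache starting when the module is not enabled, but then the header is silently absent, which is exactly what the missing verdict catches.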